Laser Focus on ESG – Role of Internal Audit


ESG has gained mainstream recognition at a pace faster than digital transformation! ESG is becoming everyone’s business almost at the same time as we learn about it. Volunteer guidelines and frameworks like GRI and SASB converged into the Value Reporting foundation on 1st June 2021. Then regulators like SEBI came up with BRSR and investors pushed disclosures and active action! ESG  theme is now spreading like wildfire across the landscape.

ESG is at the core of businesses:

ESG clearly intersects with financial decisions, business strategy; business model; products and services; risks and opportunities; governance and reporting. Cutting across responsibilities of internal stakeholders: Board, CXO, CS, CAE, CSR, R&D, procurement and employees have specific roles to play and KPIs to deliver in an organization’s ESG charter. The business of external stakeholders: Government, regulators, investors, community, environment and supply-chain are directly influencing or are impacted by an organization’s ESG actions.

Influencing business outcomes: ESG strategy is increasingly correlated to financial performance, brand image, market cap, ligations, investments, performance in rating, ranking and indices and other business events. As the ESG thrust pushes the leaders into action within the corporate world, along comes the chaos of numerous confusions; trial and error based solutions; ambiguous reporting;  and greenwashing communications. Corporate ESG Reporting is gaining reasonable amount of clarity and direction as the global standard setters focus on convergence efforts such as  common reporting format and establishment of Value Reporting Foundation. ESG Assurance , rating and ranking methods need standardisation and regularization.  Market and financial regulators across the globe vouch for the need for board and executive management to provide necessary assurance (be it internal or external) on their ESG performance and reporting as their stakeholders take key decisions based on them.

ESG Audit Standards and Guidelines

Assurance practices and standards are transforming rapidly. Global guidelines shall firm up as IFRS’s (International Financial Reporting Standards) newly established Sustainability Standards Board(SSB) takes shape. IIA (Institute of Internal Auditors) has published a whitepaper this year on “Internal Audit’s role on ESG Reporting”. Additionally, AICPA (American Institute of Certified Public Accountant) and Center for Audit Quality (CAQ) have jointly published ESG Reporting and Attestation: A Roadmap for Audit Practitioners, that provides assistance to accounting professionals to understand and include ESG in their audit function.

Today, the Big Four accounting firms and ‘AccountAbility’ provide the vast majority of external ESG assurance.  The level of assurance awarded are “Limited” or “Reasonable”.  Technology and establishing standards will positively enable an “Absolute” assurance level in the coming years.


ESG consulting providers  combined with internal audit function could provide very valuable internal ESG assurance and advisory that organizations need today. An Internal Audit (IA) function that is relevantly scaled up and supplemented with ESG competencies, is very strongly positioned to deliver ESG assurance services for the following reasons:

  • Alignment to Audit Function: Focus on governance, internal control, risk management and advisory.
  • Highly interconnected with Financial Reporting: ESG decisions, actions and disclosures are closely interconnected with the financial dimensions of the business.
  • Holistic understanding of business and ecosystem: IA function’s ability to relate to the market, industry, business process, internal controls and business data of the organization.
  • Alignment to the profession: Reliance over the profession in terms of independent assurance, objectivity, quality and integrity.

IA can expect and must prepare to address the following scenarios as they embark on their ESG journey

  • ESG landscape will continue to evolve at a significantly high pace in the coming years.
  • The demand for internal ESG assurance will increase multi-fold.
  • Regulations, standards, frameworks  and assurance practices will continue to evolve and establish. It is important to always stay on top of the latest and greatest from the industry.
  • Competency build is key.
  • The organization, its stakeholders and the ecosystem are also in the continuous learning process and will require enablement at various levels.

ESG Maturity Model

The first step towards getting ready for an ESG audit is to have a clear understanding of a relevant ESG maturity model and to imagine where the respective industry, organization and its peers are positioned within it. A reference maturity model can be as described below.

ESG Audit Focus Areas:

The IIA whitepaper on the subject advises IA to focus on Reporting and Advisory in the following areas.


  • Review reporting metrics for relevancy, accuracy, timeliness, and consistency
  • Review Reporting for consistency with formal financial disclosure filings
  • Conduct Materiality of Risk Assessments on ESG Reporting


  • Build ESG control environment
  • Recommend Reporting Metrics
  • Advise on ESG Governance

Let us elaborate these concepts and understand how a thorough and holistic ESG audit can add tremendous value in an organization’s effort to continuously elevate their ESG performance.

1. Stakeholder Identification:

– Are all relevant stakeholders of the business clearly identified?

– Are the processes, governance and channels well established for all stakeholder engagement?

2. Materiality: 

– Is the business materiality identified and assessed?

– Were stakeholders involved in the materiality assessment process?

– Are the impacts on stakeholders and business relevantly charted out?

– Is the assessment and mapping relevant for the business, industry and market?

3. Risks & Opportunities:

– Has the business identified all risks and opportunities with respect to ESG?

– Have they been relevantly assessed in the business landscape?

4. Strategy:

– Does the organization have a clear ESG strategy?

– How does the strategy fare in the industry and among peers?

– Is the ESG strategy well aligned to the business strategy?

– Is the strategy focussed on creating long term value?

– Is the strategy clearly link to defined outcomes?

– Does the strategy engage internal and external stakeholders relevantly?

5. Charter, Plan and Targets:

– Has the defined ESG strategy been expanded into detailed charter with specific, identified projects?

– Are the plans to execute charter in place and are they valid?

– Have necessary technical validations been done on the chosen projects and solutions?

– Are short/medium/long term targets and goals been defined and are they relevant?

– Does the charter lead to the defined outcomes?

6. Net Zero Commitments and Plan:

– Has the organization made a net zero commitment?

– Is it in alignment to the national and industry expectations?

– Is the commitment supported by plan and solutions?

– Are the solutions viable and validated sufficiently?

– Has the organization engaged with necessary certification and assessments processes such as CDP and SBTi(Science Based Targets Initiative)

7. Governance:

– Is there clear governance mechanism defined and followed in delivering the ESG charter?

– What is the level of engagement and focus by board of directors?

– How are Executive teams engaged?

– Are relevant KPIs defined and attached to the stakeholders?

– Are the internal control mechanisms defined and followed?

8. Data & Technology:

– Is required data available, reliable and accessible?

– Are measurement mechanisms appropriate?

– Is the ESG and Enterprise data and technology relevantly Integrated?

– Is the ESG charter and Governance digitally enabled?

– Are future technology requirements identified?

9. Reporting:

– What standards and frameworks are being followed?  

– Do they sufficiently cover the stakeholders it is addressed to?

– Is the reporting relevant, relatable, reliable and consistent?

– Is ‘action’ to ‘communication’ relevantly bridged?

10. Actual Outcomes and Feedback Loop:

– How do the actual outcomes fare against planned?

– How does the organization fare in rating, ranking and indices when compared with the industry and peers?

– Are ESG outcomes related to business outcomes relevantly and rightly?

– Is there a feedback mechanism established to revise Strategy, Charter and Governance based on outcomes?

An audit report must detail the audit scope chosen and the reasoning behind; assurance and reporting standards followed; the team composition and the competencies; the level of assurance provided; and the findings and recommendations.

In conclusion, IA is strategically positioned to enable the most required ESG assurance and advisory for organizations.  Preparing well for the evolving landscape and quickly building the competencies by way of supplementing the team with necessary ESG expertise and continuous trainings are key to the success of IA’s ability to provide ESG assurance and advisory. Go forward with the full confidence that capabilities can and must be built. Whoever reaches the high ground first will be a big winner. Let’s all win together!

Leave a Comment